Hello Salvatore,
Salvatore Bonaccorso wrote:
Hi,
the following vulnerability was published for requests.
CVE-2015-2296[0]:
session fixation and cookie stealing
Thanks for notifying, I was already updated by upstream. I'm going to work on
this today.
Kind regards,
--
Daniele Tricoli
Processing commands for cont...@bugs.debian.org:
forwarded 780507 https://github.com/librsync/librsync/issues/25
Bug #780507 [src:librsync] src:librsync: FTBFS on BE
Set Bug forwarded-to-address to
'https://github.com/librsync/librsync/issues/25'.
thanks
Stopping processing here.
Please
Your message dated Sun, 15 Mar 2015 10:34:41 +
with message-id e1yx5sx-0003ku...@franck.debian.org
and subject line Bug#725301: fixed in suricata 2.0.7-2
has caused the Debian Bug report #725301,
regarding suricata: init script looking for unexisting
/proc/net/netfilter/nf_queue
to be marked
Your message dated Sun, 15 Mar 2015 14:07:31 +0100
with message-id 20150315130731.ga1...@jessie.cruise.homelinux.net
and subject line Re: Bug#772076: confirm certificate exception dialog keeps
re-appearing
has caused the Debian Bug report #772076,
regarding confirm certificate exception dialog
Den 2015-03-13 10:34, Nio Wiklund skrev:
...
I would suggest wrapping safety around dd with the shell-script 'mkusb'.
Extra safety can be very important because dd is nick-named 'disk
destroyer' for a reason: It does what you *tell* it to do without
questions, even if it is not what you
Your message dated Sun, 15 Mar 2015 16:33:29 +
with message-id e1yxbtl-zn...@franck.debian.org
and subject line Bug#780139: fixed in checkpw 1.02-1.1
has caused the Debian Bug report #780139,
regarding CVE-2015-0885
to be marked as done.
This means that you claim that the problem has been
W dniu 13.03.2015 20:56, Simon McVittie pisze:
On Fri, 06 Feb 2015 at 18:20:35 +, Simon McVittie wrote:
This sounds a lot like another instance of
https://bugs.debian.org/775235 and
https://bugs.debian.org/770130 on which some debugging has
already been done.
I am able to reproduce a
Hi!
Since I got no feedback, I'm guessing that my mail could have been rejected
or marked as spam because of the attachment.
Here is my patch that gets nget-0.27.1 built with gcc 4.9.x:
https://github.com/alllexx88/optware/blob/master/sources/nget/nget-0.27.1-gcc49.patch
2015-03-09 19:35
Package: src:tomcat7
Version: 7.0.56-1
Severity: serious
Tags: sid
Justification: fails to build from source (but built successfully in the past)
I tried to rebuild tomcat7 this morning in sid and I found its build
is broke.
Relevant messages, (the complete build log is attached):
[junit]
Your message dated Sun, 15 Mar 2015 12:34:03 +
with message-id e1yx7k3-60...@franck.debian.org
and subject line Bug#779621: fixed in jakarta-taglibs-standard 1.1.2-3
has caused the Debian Bug report #779621,
regarding jakarta-taglibs-standard: CVE-2015-0254
to be marked as done.
This
Package: libgl1-mesa-dri
Version: 10.3.2-1~hands.1
Followup-For: Bug #775235
Just installed jessie on a Dell Latitude D505 and got the symptoms
described here (getting the Oops screen from attempting to log in via
gdm3, and seeing the underrun errors in the logs)
Tried rebuilding mesa with
Source: requests
Version: 2.4.3-4
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for requests.
CVE-2015-2296[0]:
session fixation and cookie stealing
If you fix the vulnerability please also make sure to include the
CVE (Common
Processing control commands:
severity -1 serious
Bug #777164 [systemd] systemd: libvirt cgroups start to disappear from
machine.slice after systemctl daemon-reload
Severity set to 'serious' from 'important'
tags -1 + patch
Bug #777164 [systemd] systemd: libvirt cgroups start to disappear from
Package: src:librsync
Version: 1.0.0-1~exp1
Severity: serious
Tags: upstream
Justification: fails to build from source (but built successfully in the past)
signature.test fails on BE arches.
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'),
Your message dated Sun, 15 Mar 2015 09:49:18 +
with message-id e1yx5ac-0007hz...@franck.debian.org
and subject line Bug#779797: fixed in gdisk 0.8.10-2
has caused the Debian Bug report #779797,
regarding gdisk: Returns exit code 1 after successful operations
to be marked as done.
This means
Processing commands for cont...@bugs.debian.org:
fixed 777164 219-1
Bug #777164 [systemd] systemd: libvirt cgroups start to disappear from
machine.slice after systemctl daemon-reload
Marked as fixed in versions systemd/219-1.
thanks
Stopping processing here.
Please contact me if you need
Processing commands for cont...@bugs.debian.org:
# kissplice is not in Wheezy, hence this tag doesn't make any sense for this
package
tags 780473 - wheezy
Bug #780473 {Done: Andreas Tille ti...@debian.org} [src:kissplice]
Architecture attribute must be a single line, not multiple lines
For the benefit of others affected, the /usr entry in fstab *must* begin
with /dev/mapper/. My fstab had the /dev/$VG/$LV style and the script
does not know what to do with that.
Right, that the lvm2 initramfs code has never supported that naming
scheme for root, and now we have the same
Hello Philip,
probably your case is more an example for the problem described in bugs
#770130 and #776911.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770130
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776911
When you rebuilt your mesa packages did you apply the patch
Your message dated Sun, 15 Mar 2015 21:12:34 +0100
with message-id 20150315201234.gc14...@ramacher.at
and subject line Re: Bug#773626: libav: multiple security issues
has caused the Debian Bug report #773626,
regarding libav: multiple security issues
to be marked as done.
This means that you
I've poked around in core/libs/database/collectionmanager.cpp and it appears
that the digikam code tries to do the right thing and the most likely issue is
something about how solid handles these cases, so reassigning.
Control: reassign 770130 xserver-xorg-video-intel
On 15/03/15 13:59, Rafał Pietrak wrote:
W dniu 13.03.2015 20:56, Simon McVittie pisze:
On Fri, 06 Feb 2015 at 18:20:35 +, Simon McVittie wrote:
This sounds a lot like another instance of
https://bugs.debian.org/775235 and
On Mon, Mar 02, 2015 at 03:37:03PM -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
On Monday 02 March 2015 18:20:22 Moritz Muehlenhoff wrote:
On Mon, Mar 02, 2015 at 07:32:11PM +0300, Dmitry Shachnev wrote:
clone -1 -2
reassign -2 libqt5gui5 5.3.2+dfsg-4
thanks
On Mon, 02 Mar
On Tue, Feb 17, 2015 at 10:02:37PM +0100, Moritz Muehlenhoff wrote:
Package: potrace
Version: 1.11-2
Severity: grave
Tags: security
Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=955808
Could you report this upstream?
A CVE ID has been requested, but not yet assigned:
Processing commands for cont...@bugs.debian.org:
reassign 762950 libsolid4
Bug #762950 [digikam] digikam: Removes all images from database when
unaccessible mount is found
Bug reassigned from package 'digikam' to 'libsolid4'.
No longer marked as found in versions digikam/4:4.1.0-1 and
Processing control commands:
reassign 770130 xserver-xorg-video-intel
Bug #770130 [gnome-shell] gnome-shell: crashes with Failed to create texture
2d after [drm:i8xx_irq_handler] *ERROR* pipe A underrun
Bug #776911 [gnome-shell] gnome-shell: crashes with Failed to create texture
2d after
Hi,
a test with piuparts revealed that your package uses files from
/usr/share/doc in its maintainer scripts which is a violation of
Policy 12.3: Packages must not require the existence of any files in
/usr/share/doc/ in order to function.
cp: cannot stat '/usr/share/doc/mibrfcs/*': No
On 15.03.2015 17:52, Miguel Landaeta wrote:
tags 780519 + jessie
thanks
It is also failing in jessie.
Confirmed. I also see messages like
SEVERE: Unable to join multicast group, make sure your system has
multicasting enabled.
Caused by: java.net.SocketException: No such device
Markus
tags 780519 + jessie
thanks
It is also failing in jessie.
--
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
Faith means not wanting to know what is true. -- Nietzsche
Processing commands for cont...@bugs.debian.org:
tags 780519 + jessie
Bug #780519 [src:tomcat7] tomcat7: FTBFS due to failing tests
Added tag(s) jessie.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
780519:
Processing commands for cont...@bugs.debian.org:
severity 779547 grave
Bug #779547 [src:dokuwiki] dokuwiki: CVE-2015-2172: DokuWiki privilege
escalation in RPC API
Severity set to 'grave' from 'important'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
779547:
Processing commands for cont...@bugs.debian.org:
tags 780444 + pending
Bug #780444 [libwebkitgtk-3.0-0] libwebkitgtk-3.0-0: use after free:
GLib-GObject-CRITICAL **: g_closure_unref: assertion 'closure->ref_count > 0'
failed
Added tag(s) pending.
thanks
Stopping processing here.
Please contact
Bernhard Übelacker bernha...@vr-web.de writes:
Hello Philip,
probably your case is more an example for the problem described in bugs
#770130 and #776911.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770130
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776911
When you
Processing control commands:
severity -1 normal
Bug #780444 [libwebkitgtk-3.0-0] libwebkitgtk-3.0-0: use after free:
GLib-GObject-CRITICAL **: g_closure_unref: assertion 'closure->ref_count > 0'
failed
Severity set to 'normal' from 'grave'
--
780444:
Hi Paul,
On Sat, 14 Mar 2015 10:00:01 +0100 Paul Menzel pm.deb...@googlemail.com wrote:
(...)
Evolution sometimes crashes due to a segmentation fault in
libwebkitgtk-3.0.so.0.22.14.
evolution[2714]: segfault at bfd27b2c ip b5708819 sp bfd25a20 error 6
in
Processing commands for cont...@bugs.debian.org:
found 780519 7.0.28-4+deb7u1
Bug #780519 [src:tomcat7] tomcat7: FTBFS due to failing tests
Marked as found in versions tomcat7/7.0.28-4+deb7u1.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
780519:
Processing control commands:
severity -1 important
Bug #780400 [libkio5] libkio5: cut and paste files on sftp can cause data loss
Severity set to 'important' from 'critical'
--
780400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780400
Debian Bug Tracking System
Contact
Control: severity -1 important
Hi Salvo,
thanks for the report.
I'm currently doing some bug triaging and saw your report.
Please note that the effect you described is unfortunate but it is not serious
data loss by definition --
serious is here to be read as massive data loss, like wiping half
Your message dated Mon, 16 Mar 2015 00:48:42 +
with message-id e1yxjd0-0001ma...@franck.debian.org
and subject line Bug#773823: fixed in libpng1.6 1.6.16-1
has caused the Debian Bug report #773823,
regarding [src:libpng1.6] Heap overflow
to be marked as done.
This means that you claim that
Control: severity -1 normal
Hi Paul,
I have the feeling this is not grave.
Please see https://www.debian.org/Bugs/Developer#severities for the definitions.
Or if I miss something, then please clarify.
Thanks!
--
tobi
On Fri, 13 Mar 2015 23:54:09 +0100 Paul Menzel
Control: Severity 780207 important
Control: Severity 780162 wishlist
Hi Chris,
can you please let us know the link to the upstream discussion?
From your description, I don't see an imminent risk of data loss which warrants
a RC bug level. Therefore downgrading to important.
(CC'ing also the
Processing control commands:
Severity 780207 important
Bug #780207 [mdadm] default read error timeouts: drives dropped regularly +
data loss on array re-build
Severity set to 'important' from 'serious'
Severity 780162 wishlist
Bug #780162 [smartmontools] default timeouts causing data loss
Processing commands for cont...@bugs.debian.org:
tag 780506 + pending
Bug #780506 [src:requests] requests: CVE-2015-2296: session fixation and cookie
stealing issue
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
780506:
found 780519 7.0.28-4+deb7u1
thanks
I also found I can't rebuild tomcat7 in stable due to failing unit tests.
--
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
Faith means not wanting to know what is true. -- Nietzsche
Your message dated Sun, 15 Mar 2015 21:25:57 +
with message-id e1yxg2n-wj...@franck.debian.org
and subject line Bug#780447: fixed in tomcat-native 1.1.32~repack-2
has caused the Debian Bug report #780447,
regarding tomcat-native: SSLv23_* calls shouldn't be disabled
to be marked as done.
Control: severity -1 normal
Hi Paul,
all good things are three ;-)
Same as on the first one, please tell how often sometimes it. This is
for sure not critical. Your described
scenario is not _serious_ data loss. *Serious* would be if it wipes
half of your filesystem, for example, but not a
Processing control commands:
severity -1 normal
Bug #776686 [libwebkitgtk-3.0-0] libwebkitgtk-3.0-0: Crash with SIGBUS in
`WebCore::WidthIterator::advanceInternal`
Severity set to 'normal' from 'critical'
--
776686: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776686
Debian Bug Tracking
Control: Severity -1 normal
Processing control commands:
Severity -1 normal
Bug #780452 [libwebkitgtk-3.0-0] libwebkitgtk-3.0-0: Segfault in
`VectorBufferBase` at `../Source/WTF/wtf/Vector.h:330`
Severity set to 'normal' from 'grave'
--
780452: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780452
Debian Bug Tracking
On Sun, 15 Mar 2015 11:23:34 +0100 Benoit GUERIN benoit.gue...@gmail.com
wrote:
For the benefit of others affected, the /usr entry in fstab *must* begin
with /dev/mapper/. My fstab had the /dev/$VG/$LV style and the script
does not know what to do with that.
Right, that the lvm2
Package: capnproto
Version: 0.4.1-2
Severity: critical
Upstream has reported a number of security issues in capnproto 0.4.1.
Creating bugs to track these issues while I work on getting them fixed.
This bug is tracking the Integer overflow in pointer validation bug
reported on 2015-03-02.
Full
Package: capnproto
Version: 0.4.1-2
Severity: critical
Upstream has reported a number of security issues in capnproto 0.4.1.
Creating bugs to track these issues while I work on getting them fixed.
This bug is tracking the second CPU usage amplification attack bug
reported on 2015-03-05.
Full
Package: capnproto
Version: 0.4.1-2
Severity: critical
Upstream has reported a number of security issues in capnproto 0.4.1.
Creating bugs to track these issues while I work on getting them fixed.
This bug is tracking the CPU usage amplification attack bug reported on
2015-03-02.
Full details +
Package: capnproto
Version: 0.4.1-2
Severity: critical
Upstream has reported a number of security issues in capnproto 0.4.1.
Creating bugs to track these issues while I work on getting them fixed.
This bug is tracking the Integer underflow in pointer validation bug
reported on 2015-03-02.
Full
Processing commands for cont...@bugs.debian.org:
tags 780565 + security
Bug #780565 [capnproto] Integer overflow in pointer validation
Added tag(s) security.
tags 780566 + security
Bug #780566 [capnproto] Integer underflow in pointer validation
Added tag(s) security.
tags 780567 + security
Bug